Excel Report Template Security
BG last edited by BG
First of all here are my system specs:
Mango Core: 3.5.6
Mango API: 3.5.2
Mango UI: 3.5.5
Platform: Centos 7.4.1708
Java Version: 1.8.0_161
One of our users have pointed out an issue with the file store for the Excel Report Templates. When one user is logged in and creates an excel report they can see everyone's templates in the folder. This is a data protection issue since the templates usually have the users name and site name in the title of the template.
For example a user is logged in and would like to set up a new Excel report:
The reports from other users are not visible and that is great. but when they go to choose a file:
All the other user files are visible.
I can't see anywhere in the system that allows me to put passwords on the templates to prevent this from happening.
Is there anywhere in the background that I could add permissions to stop users from seeing other templates that do not belong to them?
p.s. I just checked the way the reports worked in mango 2.8. This is not an issue because the choose file button only gives the user the ability to browse their own local drives.
CraigWeb last edited by
I don't believe this is possible at the moment but I might be wrong but it sure does seem like a feature worth having!
I was trying several permission variations and removed read permission to the entire filestore. The result was that I lost the logos and other image files that were uploaded for the dashboards but there was no change to the excel reports filestore for some reason. Each user was still able to see everyone's templates.
I am eager to get a solution to this issue which has become a problem for us.
I just saw the forum entry for the changes made to the modules for 3.6 beta 6.
I think some of those changes are addressing my concerns here.
How soon can I expect the beta to become a general release?
phildunlap last edited by
I do not believe a fix for this observation is in that beta. I do believe it is our intention to make that fix. The timeline of the release is not firmly established. I will update you when a fix for the issue is in the code, and when it is released.
Thank you for the update. In the mean time I will have to anonymise the spreadsheet templates.